Back to Codebase

Vulnerability Analysis Report

WordPress Core v5.2.5

Scan ID: SCAN-WORDPRESS-CORE-I87opT • Hash: d18f655c

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.438s

Vulnerability Details

L1102

Potential SQL Injection in class-wp-debug-data.php

CWE-89
File Location: wp-admin/includes/class-wp-debug-data.php:1102
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $rows = $wpdb->get_results( 'SHOW TABLE STATUS', ARRAY_A );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L133

Potential SQL Injection in class-wp-site-health.php

CWE-89
File Location: wp-admin/includes/class-wp-site-health.php:133
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->mysql_server_version = $wpdb->get_var( 'SELECT VERSION()' );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L209

Cross-Site Scripting (XSS) in class-wp-posts-list-table.php

CWE-79
File Location: wp-admin/includes/class-wp-posts-list-table.php:209
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo get_post_type_object( $this->screen->post_type )->labels->not_found;
+ echo esc_html(get_post_type_object( $this->screen->post_type )->labels->not_found);
L1289

Cross-Site Scripting (XSS) in class-wp-posts-list-table.php

CWE-79
File Location: wp-admin/includes/class-wp-posts-list-table.php:1289
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- <tr id="post-<?php echo $post->ID; ?>" class="<?php echo implode( ' ', get_post_class( $classes, $post->ID ) ); ?>">
+ echo esc_html($post->ID);
L1830

Cross-Site Scripting (XSS) in class-wp-posts-list-table.php

CWE-79
File Location: wp-admin/includes/class-wp-posts-list-table.php:1830
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- <option value="0"><?php echo get_post_format_string( 'standard' ); ?></option>
+ echo esc_html(get_post_format_string( 'standard' ));